A report released today by UK threat intelligence firm Armor shines a light on the prices practiced on Dark Web markets for a wide range of cybercrime-related services.
The report, compiled by trawling several well-known Dark Web markets, shows a slight increase in pricing compared to the prices reported by the Dell SecureWorks INTEL Team in 2013, 2014, and 2015.
According to Armor, one could rent DDoS attacks for $10/h, $200/day, or for $500-$1,2000 for week-long attacks. Banking botnets ($750/month), exploit kits ($1,400/month), WordPress exploits ($100), ATM skimmers ($1,500), and hacking tutorials ($50) are also available for sale.
But by far the most prevalent item you can find on the Dark Web has remained carding data. Data is organized and sold based on the victim’s origin country.
Credit card details —often obtained by using web or POS malware— are cheaper, while full card data including Track 1 or Track 2 data needed to create cloned cards is far more expensive, sometimes double, triple, or many times the price of basic credit card details.
Fraudsters can also buy access to compromised bank accounts. The prices for these accounts vary depending on the amount of money they hold. Crooks use banking trojans to gain access to these accounts, and fraudsters buy this access in order to initiate fraudulent transactions with the money stored within. Fraudsters make a profit by reselling the products bought using the victims’ funds.
But users can also find fake documents on the Dark Web. These include forged IDs, passports, driver’s licenses, US green cards, drug prescriptions, bills, bank statements, and so on. Passports, IDs, and driver’s licenses are usually the most expensive, with North American documents being the most pricey.
Last but not least, Dark Web markets and forums also include an assortment of hacked online accounts. Access to a hacked social media account costs around $13 on average, and hackers can offer access to accounts on Facebook, Twitter, Instagram, Hulu, Netflix, Spotify, Amazon, Skype, and others.
More recently, cybercriminals have also started offering rewards points. For example, Armor discovered hackers selling access to a Southwest Airlines rewards account with at least 50,000 miles for $98.88.
Accounts at EU-based airlines were also available, and hackers were also selling access to hotel awards points accounts for prices of up to $150.